IT Risk Management
A biometric system is a technological system that uses biological data about a person to identify that person. In today’s globalized world, organizations are employing different biometric systems to improve the security of their sensitive information (Nappi, 2018). Types of biometrics include fingerprint recognition, hand geometry recognition and iris recognition. Although these biometric systems are secure, they have some weaknesses.
Fingerprint recognition is an automated technique in which an individual’s identity is identified or confirmed by comparing two fingerprints. It is among the best-known and most commonly used biometric technologies. It uses the ridges and furrows of the finger as the distinguishing trait between people, as they are immutable (Panchal, 2018). Different fingerprint reader hardware can be used to capture fingerprints: optical sensors, which use a light-sensitive microchip (CCD) to produce a virtual image, or ultrasound readers, which work on the principle of echography by sending high-frequency signals to the transmitter, with the acoustic signals from the finger captured by the receiver. Example applications of fingerprint biometrics include laptops and mobile phones, and car and premises doors.
The advantages of fingerprint biometrics are that it is an improved security system, that fingerprints do not change naturally, and that it is widely accepted, unlike other traditional security systems. A few notable disadvantages are that fingerprints can be altered over time and that the technique is of limited use for people with damaged fingerprints.
Hand geometry recognition, the longest-implemented biometric type, works by measuring the palm size, the shape of the hand, and finger length and width. A geometry scanner is used: the user places his or her hand on a platen, and a silhouette image of both the surface of the hand and a ‘side image’ is captured (Volonghi, 2018). When combined with other forms of recognition, it can be applied in identification cards and in personal identification numbers (Gupta, 2016).
The hand geometry technique is simple, inexpensive and easy to use, and it is not affected by environmental factors that can result in dryness of the skin. However, its main disadvantage is that it is not suitable for growing children, since hand geometry changes over a person’s lifespan.
Iris recognition is an automated method that applies pattern recognition techniques to the iris of the human eye. Since no two people share the same iris pattern, it serves as a good basis for distinguishing between individuals (Marsico, 2016). The system exposes the iris to infrared rays to capture high-resolution images, and the iris patterns are then analyzed. It is used to control access in computer login, in airports (as passports), at ATMs and in accessing sensitive data.
The advantages of iris recognition are that it is very accurate, that the iris does not alter over time, and that it is very convenient for most people, even those who wear glasses. Its weaknesses are that it is an expensive biometric method, that it is complex to integrate and use with other systems, and that positioning the eye to acquire a high-resolution image may be a problem.
The evolution of technology has increased the amount of data held by organizations, making it more vulnerable to breaches. Data protection laws have been formulated and tightened all over the world as a strategy for securing sensitive data. With the help of Privacy Enhancing Technologies (PETs), some organizations have adopted better controls to cope with data protection. PETs improve the confidentiality of data and help users to secure their data and to decide what type of information to share with third parties. The types of PETs that can be used on the internet to enhance the privacy of user information include encryption, identity management, and metadata and digital rights management.
Encryption is a type of cryptography in which data or information is encoded so that it is accessible only to authorized users and not to unauthorized ones. It uses a number of processes to store data in electronic form and to ensure that it is transmitted over different networks without being accessed by an unauthorized party. Data is usually encrypted with an encryption key (collection of unique algorithms), which scrambles or unscrambles the data (locking the data and unlocking it to a readable format). The result is cipher text (Jiao, 2018).
Data can be encrypted using either an asymmetric or a symmetric key cipher. An asymmetric key cipher, also known as public key cryptography, involves the use of two keys: a ‘public’ key and a secret ‘private’ key. The intended message is encoded using the public key, while the secret key held by the recipient is used to decode it. A symmetric key cipher, on the other hand, requires both the encoder and the decoder of the message to hold the same secret key for encryption. For example, data sent using encrypted messaging services like WhatsApp is encoded with end-to-end encryption, so that only the recipient and the sender can read it.
Identity management is a type of security system that aims at improving trust between parties or agencies transacting online. It helps in describing the identity, authentication and roles of individuals within a certain network, which boosts the security of the transacting parties. For example, to establish an identity, an individual may be required to present certain credentials for authentication, such as a password or a certain biometric recognition. Some projects, like Privacy and Identity Management for Europe (PRIME), emphasize enhancing the privacy of personal information held by individuals (Xu, 2018).
Metadata and digital rights management.
They are types of access control systems that restrict the use, modification and distribution of unlicensed online content over a variety of networks. Metadata helps in distinguishing between different types of data: personal data and sensitive personal data such as religious content (Hart, 2017). The use of metadata is most reliable when integrated with Digital Rights Management (DRM). DRM addresses the protection of electronic data, providing high confidentiality, strong controllability and transparency over personal information, in activities such as making copies of CDs or DVDs, using copyrighted work for research, and accessing online content in the public domain (Ma, 2018).
A Wireless Sensor Network (WSN) is a group of connected sensors that process high-level information by monitoring and recording the condition of the physical environment. It is widely applied in industrial monitoring and control, battlefield surveillance and crisis management (Pathan, 2006). A WSN consists of several nodes (hundreds or thousands) which are interconnected to one sensor.
Wireless Sensor Network architecture and protocol stack.
The protocol stack of a WSN follows the OSI architecture model and consists of five layers (application, transport, network, data link and physical layer) and three cross sections (task management, mobility management and power management) (Shankar, 2018):
Application layer - a layer protocol that manages traffic and contains numerous applications for converting data.
Transport layer - a layer protocol that is responsible for delivering data between sensor nodes.
Network layer - it serves the purpose of routing data from the transport layer. However, its use depends on the field of application, such as power saving, partial memory and buffering.
Data link layer - a layer responsible for error control, medium access control, multiplexing of data, and data creation and detection.
Physical layer - a layer protocol that transmits signals from the data link layer. It also handles selection of the transmission frequency and medium, signal detection and carrier frequency generation.
As Wireless Sensor Networks have emerged in the field, attackers have devised different security threats that make a WSN weak and vulnerable to attack. The information being transferred across the network therefore needs to be protected by employing countermeasures. The security threats, together with their countermeasures, are discussed below.
In a Sybil attack, a single node presents multiple identities to other nodes in the network, so the innocent nodes may end up transmitting multi-path data through one malicious node. This attack lowers the security and integrity of the data being distributed across the sensor network (Al-Qurishi, 2018).
Countermeasures: This attack can be mitigated by using public key cryptography, which must be identified and verified. This helps to detect the occurrence of the malicious node in multiple places. The attack can also be avoided by having an innocent node authenticate the nodes in the sensor network.
The sinkhole attack is among the dangerous attacks: it prevents the base station from gaining access to sensed data, which results in a threat to the application layer. In a sinkhole attack, lured traffic is passed through a compromised node in the sensor network, creating a sinkhole with the compromised node at the center, which routes all the information from neighboring nodes (Shafiei, 2014).
Countermeasures: This type of security threat can be mitigated by carefully designing routing protocols (for example, a geographic routing protocol). It can also be mitigated by using encryption techniques to send data with authentication codes, or symmetric key encryption between nodes.
Flooding is a form of Denial of Service (DoS) attack in which a compromised node causes heavy message traffic on the sensor network. The malicious node may replay some broadcast messages, which will eventually congest the network (Mansouri, 2017).
Countermeasures: This threat to a WSN can be mitigated by using the secure data aggregation technique, in which the sensor nodes securely aggregate the data before sending it to the base station.
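The following Python code is an added example, not part of the original essay. It shows the authentication codes named under the sinkhole countermeasures, extended with a per-node message counter so that the replayed broadcasts described under flooding are dropped. The packet layout, the pre-shared per-node keys and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

HEADER = struct.Struct(">HI")   # assumed layout: 16-bit node id, 32-bit counter
TAG_LEN = 16                    # HMAC-SHA256 truncated to 128 bits

def seal(key, node_id, counter, payload):
    """Sender side: prepend id and counter, append an authentication code."""
    body = HEADER.pack(node_id, counter) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]

class Receiver:
    """Receiving node or base station holding one pre-shared key per sender."""
    def __init__(self, keys):
        self.keys = dict(keys)      # node id -> secret key
        self.last_counter = {}      # node id -> highest counter accepted so far

    def accept(self, packet):
        """Return the payload if authentic and fresh, else raise ValueError."""
        if len(packet) < HEADER.size + TAG_LEN:
            raise ValueError("short packet")
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        node_id, counter = HEADER.unpack(body[:HEADER.size])
        key = self.keys.get(node_id)
        if key is None:
            raise ValueError("unknown node")
        expected = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):   # constant-time comparison
            raise ValueError("bad tag")
        if counter <= self.last_counter.get(node_id, -1):
            raise ValueError("replayed")             # stale or repeated message
        self.last_counter[node_id] = counter
        return body[HEADER.size:]

def demo():
    keys = {3: b"\x03" * 32, 7: b"\x07" * 32}        # constructed sample keys
    rx = Receiver(keys)
    good = seal(keys[3], 3, 1, b"temp=21.5")
    forged = seal(keys[7], 3, 2, b"route via 7")     # node 7 claiming node 3's id
    tampered = good[:-TAG_LEN - 1] + b"9" + good[-TAG_LEN:]
    results = []
    for name, pkt in [("good", good), ("replay", good),
                      ("forged", forged), ("tampered", tampered)]:
        try:
            results.append((name, rx.accept(pkt).decode()))
        except ValueError as err:
            results.append((name, str(err)))
    return results

if __name__ == "__main__":
    print(demo())
```

The forged case also bears on the Sybil discussion: a node that claims an identity whose key it does not hold cannot produce a valid code. Symmetric keys are used here rather than the public key cryptography named in that countermeasure.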
WSNs have come into wide use in different fields, such as military, health and environmental applications. To protect the information being transferred, a combined effort using the above-mentioned countermeasures to mitigate the security threats will be vital.
Al-Qurishi, M, Alrubaian, M, Rahman, S, Alamri, A, & Hassan, M 2018, ‘A prediction system of Sybil attack in social network using deep-regression model’, Future Generation Computer Systems, 87, pp. 743-753.
De Marsico, M, Petrosino, A, & Ricciardi, S 2016, ‘Iris recognition through machine learning techniques: A survey’, Pattern Recognition Letters, 82, pp. 106-115.
Gupta, P, Srivastava, S, & Gupta, P 2016, ‘An accurate infrared hand geometry and vein pattern based authentication system’, Knowledge-Based Systems, 103, pp. 143-155.
Hart, T, & de Vries, D 2017, ‘Metadata Provenance and Vulnerability’, Information Technology & Libraries, 36, 4, pp. 24-33.
Heurix, J, Zimmermann, P, Neubauer, T, & Fenz, S 2015, ‘A taxonomy for privacy enhancing technologies’, Computers & Security, 53, pp. 1-17.
Jiao, S, Zhuang, Z, Zhou, C, Zou, W, & Li, X 2018, ‘Security enhancement of double random phase encryption with a hidden key against ciphertext only attack’, Optics Communications, 418, pp. 106-114.
Ma, Z, Jiang, M, Gao, H, & Wang, Z 2018, ‘Blockchain for digital rights management’, Future Generation Computer Systems, 89, pp. 746-764.
Mansouri, D, Mokdad, L, Ben-Othman, J, & Ioualalen, M 2017, ‘Dynamic and adaptive detection method for flooding in wireless sensor networks’, International Journal Of Communication Systems, 30, 12, pp.
Nappi, M, Ricciardi, S, & Tistarelli, M 2018, ‘Context awareness in biometric systems and methods: State of the art and future scenarios’, Image & Vision Computing, 76, pp. 27-37.
Panchal, G, & Samanta, D 2018, ‘A Novel Approach to Fingerprint Biometric-Based Cryptographic Key Generation and its Applications to Storage Security’, Computers & Electrical Engineering, 69, pp. 461-478.
Pathan, A. S. K., Hyung-Woo Lee, and Choong Seon Hong “Security in Wireless Sensor Networks: Issues and Challenges” Advanced Communication Technology (ICACT), 2006.
Shafiei, H, Khonsari, A, Derakhshi, H, & Mousavi, P 2014, ‘Detection and mitigation of sinkhole attacks in wireless sensor networks’, Journal Of Computer & System Sciences, 80, 3, pp. 644-653.
Shankar, A, & Jaisankar, N 2018, ‘Optimal cluster head selection framework to support energy aware routing protocols of wireless sensor network’, International Journal Of Networking & Virtual Organisations, 18, 2, pp. 144-165.
Volonghi, P, Baronio, G, & Signoroni, A 2018, ‘3D scanning and geometry processing techniques for customised hand orthotics: an experimental assessment’, Virtual & Physical Prototyping, 13, 2, pp. 105-116.
Xu, H, Chen, J, & Whinston, A 2018, ‘Identity Management And Tradable Reputation’, MIS Quarterly, 42, 2, pp. 577-A7.